Andrew S. Tanenbaum, creator of MINIX, has published an open letter to Intel regarding Intel’s use of MINIX in the IME:
The only thing that would have been nice is that after the project had been finished and the chip deployed, that someone from Intel would have told me, just as a courtesy, that MINIX 3 was now probably the most widely used operating system in the world on x86 computers. That certainly wasn’t required in any way, but I think it would have been polite to give me a heads up, that’s all.
If nothing else, this bit of news reaffirms my view that the Berkeley license provides the maximum amount of freedom to potential users. If they want to publicize what they have done, fine. By all means, do so. If there are good reasons not to release the modified code, that’s fine with me, too.
I can still barely believe this whole story.
When I was reading the news especially since I had been involved in a similar project to use hypervisors/microkernel for management of sort that Intel is doing in ME, I was expecting to see a reaction from Minix team. Intel could have done better by at least giving credit to these people. It is a very hard task to develop at that level and having more people in be trained in that system level could be potentially beneficial for Intel and the whole community. Boy, I still do not get it why none Intel nor AMD nor motherboard developers could see a potential in having an Open BIOS! Coreboot and similar projects need a big push.
“Berkeley license provides the maximum amount of freedom to potential users” While that may be true, it does nothing to protect freedoms transitively (Intel’s users in this case). As we can see with this story, the end result was a reduction of the end user’s freedom to use/trust his computing device.
And? One of the biggest problems with the GPL is that it requires source code changes to be published. And it tends to “infect” projects that rely on other projects licensed under the GPL. This is one of the reasons Linux lacks decent proprietary device drivers (as drivers are goods at exposing hardware designs, allowing competitiors to steal your trade secrets).
I believe if you want true software freedom, the MIT/BSD licenses are the way to go. Freedom implies no restrictions. Therefore IMHO the GPL is not a free software license
This is a ridiculous argument and it remains ridiculous.
+Companies producing open-source drivers would have to negotiate patents, 3rd party code, general code ownership (even when 1st party) and potential exposure of trade secrets. proprietary code negates these issues. Another issue is the cost of producing clean-room engineered drivers lacking patented code and ownership issues is quite expensive, relative to proprietary drivers. This is added cost for very little benefit when you take into account the limited market share of open-source operating systems. Hence, 1st party open source drivers are almost non-existent.
So can you provide a reasonable argument refuting my claims, or are you going to resort to “ZOMGZORS UR TALKING BOLLOCKS AND UR FACE IS UGLY AND U SMELL!!!”
That kind of “doing the right thing would be a lot of work for little to no improvement for the big guy” argument isn’t a very convincing one, since it can just as easily be used to defend decisions we now all agree were wrong.
For example, refusing to switch away from a slave-based economy in the southern United States.
Edited 2017-11-07 16:07 UTC
Do i even need to explain what’s wrong with that argument?
Open source is not inherently right, and closed source is not inherently wrong. No-one is getting physically or mentally hurt from the license a piece of software is released under. blanket pooh-poohing of closed source is analogous to aparthied and the racism experience in America in the mid 20th century, and i think you should be ashamed of yourself. All 0’s and 1’s should be treated equally, regardless of their license!
Edited 2017-11-07 16:44 UTC
However, it is morally right to not artificially maximize the effects of planned obsolescence in technology which could otherwise be maintained and repaired to reduce the amount of pollution and wasted energy involved in recycling or landfilling the artificially obsolete stuff. (Especially given the pressure we’re putting on the environment as countries like China and India industrialize.)
While arguments can be made for non-driver code, when you’re talking about drivers, there’s a very good reason that “a car with its hood welded closed” has been the metaphor widely used by Free Software proponents to describe closed-source software for decades.
(Sort of like how we’re seeing more effort to spread this technique back out to hardware that was formerly reusable and/or user-serviceable, as with putting lockdown chips in print cartridges and John Deere using copyright law to sue farmers who repair their own tractors.)
Edited 2017-11-07 17:51 UTC
Then tell me how to maximize profit, not only for moguls and shareholders, but also pay the monthly wages ?
> Open source is not inherently right, and closed source is not inherently wrong. No-one is getting physically or mentally hurt from the license a piece of software is released under.
This argument is fucking retarded in a post-Snowden world.
GPL Code is the only code that is ethical. Anything else subverts end user rights and freedoms for developer control. It’s not worth running closed source code. Computing is too powerful to leave as closed source. Without open source control of humanity’s information will eventually become closed off.
Edited 2017-11-07 23:22 UTC
The ethical thing is to at least respect the source code licence; be it BSD, MIT, GPL, etc. That is, respect the software-code author’s wishes.
“subverts end user rights” … what “rights” ?
In fact, the user has a choice. The user can either use the respective technology or not use the technology.
“open source” and “control” do not belong in the same sentence, conerning a political conext. You either use open-source or do not use open-source but open-source should never be forced onto someone since this would impinge upon someone’s “freedom” of choice. A person should be free to choose a proprietary system over an open source system, it is their choice. The nature of GPL (not LGPL) represents a “force” (i.e. obligation) applied to a software developer in an extreme fashion not present if a BSD-like licence was operative. I have no problems with the existence of GPL/any licence since developers exercise their own psychology while selecting an appropriate licence for their open-source code. It is the devloper’s “right” to select a licence for their work in which they deem appropriate.
Proprietary technology does not limit your freedoms per-se.
You only limit your freedoms if you still keep using proprietary technology in which you had made the previous assessment that aspects of the proprietary technology were limiting your effectiveness.
If you feel you need access to open technology then you are free to seek an open solution or you can attempt to develop your own technology with yourself/friends or you can compromise.
Part of the problem is that the theme of open technology is a non-issue for most of society and so commercial entities do not address this issue more adequately.
I do not have problems with binary drivers (helping most of the Windows-only “sheeples” and being a “bonus” for open-source OSes) but it would also be nice to have “open” hardware documentation so that open-source (hobbyist/non-hobbyist) operating systems can truly be non-BLOB based for reasons of security/integrity/completeness/etc.
Sure, commercial entities have to protect their investments/IP but examples such as the increasing betterment of the open-source {radeon GPU driver, Mesa} graphics-stack to the point of nearly rivalling the Windows driver is an indication that good strides in the direction of open technology can happen. A more open-source friendly Nvidia would be a nice complement to AMD’s open-source stance.
“freedoms for developer control” are evident and getting better.
For my game-engine development, Apple’s non-interest in maintaining first-class support for OpenGL (> 2.1) and Vulkan have caused me to plan a migration of ny cross-platform {tooling, C++ code-base} from OSX to FreeBSD at some future date. Implicit was the notion that this would be a NVidia-GPU only environment. I can now envisage a near-term future where I can also exercise the radeon GPU option for open-source OS like FreeBSD/Linux.
See, I chose to use the Mac (2009 iMac), it was not my “right” to use the Mac. The Mac “just works”. However, since my technological interests are OpenGL/Vulkan-based and that Apple’s stance is against this (Metal 2) then my “rights” were not “subverted” but it was that my options were diminished and a solution to this is my future migration to FreeBSD as my primary software development platform.
You know, I think Intel did not adhere to the MINIX 3 license ( this page doesn’t show anything: http://www.minix3.org/license.html ) but it says BSD license and most (if not all versions of that) have something like this:
“Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.”
I don’t think Intel did, did they ?
cade,
Indeed, this is the problem with the “vote with your feet” stance, it only works so long as people like me have a choice to buy open firmware products in the first place.
Remote control functionality is often a requirement for managing servers, such as HP LO, Dell DRAC, Intel AMT, and third party offerings like Lantronix Spider. Knowing fully well the risks of proprietary firmware, and preaching about openness as I do, I of all people don’t have the excuse of ignorance when it comes to faulting me for buying proprietary gear…yet, this advice is 100% useless when that’s all there is on the market. My network runs DRACs, AMT, and Lantronix Spiders, all of which are proprietary and all of which I’ve have problems with in one way or another because they’re proprietary:
1. The DRACs have network bugs that cause them to crash.
2. It’s been recently revealed that Intel AMT had a decade old vulnerability. They updated the proprietary firmware, but there are still things I wish I could fix, like the stupid 8 character limit on VNC passwords (no more, no less). This is completely idiotic intel…
3. I found a bug with the Lantronix Spider that affected my ability to wake up machines remotely, I diagnosed the issue and provided Lantronix with everything including the packet traces needed to fix it. I did expect them to support the product, it wasn’t cheap after all. But low and behold after a few back and forths the representative candidly told me that they’re not putting any more engineering into the product (one that they’re still selling now).
It’s not logical to place blame on the consumers given the lack of choice, even hindsight doesn’t help us. Vendors are doing what’s best for themselves, which makes sense for them but for better or worse it leaves the market in a steady state where proprietary firmware is the norm. So what’s the solution? Unfortunately this seems very unlikely to change without some kind of interference.
However, with the continuing push to the “cloud” (which even mostly runs on open source!), source code access doesn’t guarantee the access to information.
Perhaps we should call it “fog”…
There isn’t a universal set of ethics. Ethics, like logic, starts from a set of asserted information, and then builds from there.
You seem convinced that backdoors and spying is impossible to do on an open source operating system…
http://www.zdnet.com/article/hacker-hundreds-were-tricked-into-inst…
https://www.theregister.co.uk/2016/05/09/allwinners_allloser_custom_…
https://www.theregister.co.uk/2010/12/15/openbsd_backdoor_claim/
https://arstechnica.com/information-technology/2012/02/malicious-bac…
https://www.scmagazine.com/malicious-plugin-installed-backdoor-on-20…
https://blog.sucuri.net/2014/04/joomla-plugin-constructor-backdoor.h…
https://betanews.com/2015/03/03/what-the-freak-huge-ssl-security-fla…
And of course there’s the multiple attempts the NSA has made to get Linux to put one into his kernel…
https://www.reddit.com/r/linux/comments/54in5s/the_nsa_has_tried_to_…
The idea that open source is somehow inherently safe is a fallacy. Sure, it’s much easier to audit the code for bugs, exploits and backdoors, but being open-source doesn’t necessarily mean it’s safer. If anything, it makes it as easy as spreading misinformation on Wikipedia, as long as your patch is accepted.
Ever heard of HeartBleed vulnerability in OpenSSL ? And the fact that strangely NSA try to push/modify some weaker cryptography algorithms instead than other (TrueCrypt affair) ?
Totally agree neither is more wrong or more right, so you and I share a philosophy. Those who differ are not analogous to racists (I know you did not mean that they are actual racists), they simply have different philosophies. To quote your own argument, opinion on open vs closed source does not cause human suffering, unlike racism. Great point none the less.
The123king,
Many developers like myself oppose patents because of some of the detrimental effects we feel they cause to the industry, but still, it isn’t correct to invoke patents as a reason Intel cannot publish the code.
Edited 2017-11-07 16:43 UTC
I don’t agree with patents either, and i think they’re a bane on the world of computing. That doesn’t mean it’s not a good idea to pay a developer for the work he’s done producing a product though. One of the symptoms of this complete disdain for paying for software has been the explosion in ad-riddle applications. You can’t even buy an Android phone nowadays without the lock screen being filled with adverts. I’d rather pay a feee to use the software a-free, than have hal;f my screen real-estate taken up by an advert trying to sell me crap.
Edited 2017-11-08 11:26 UTC
The123king,
This is quite unrelated to the previous discussion about patented drivers.
Sure I hate ads too. Whether we like it or not, it’s become an offshoot of the “everything is free” culture, it kills off the market for paid work. But just to be clear most of us talking about open source are referring to “free as in freedom, not as in beer”. When I buy a product, I want to have the freedom to modify it as I please.
Edited 2017-11-08 12:53 UTC
Yeah, but the limit is scarce between “modify” and “copy”…
Kochise,
Yes that’s a valid point: manufactures may not want to provide the code because they don’t want people copying code. And while this can be problematic for the open source community, at least I understand where they’re coming from.
However what is unacceptable is when they deliberately take steps to impede users from replacing the proprietary code with their own code. This “tivoization” of the industry, if you will, is unethical because it’s clearly not about protecting the manufacturer’s code so much as it is deliberately taking control and rights away from the owners.
I really think that the principals of “ownership” should automatically grant us a right to modify it and manufacturers should not be allowed to forcefully impede this right by blocking alternative software.
Edited 2017-11-08 14:52 UTC
If I’m a competitor and I want to discover how your Super Secret Driver works, get this: I can decompile & reverse engineer your driver.
Most hardware is so ridiculously simple at the driver interface anyway that me knowing which registers control a ring buffer is hardly going to clue me in to any trade secrets.
Are you referring to the effort it would take to remove third party code that you didn’t have permission to open source? If so, then yes as Sun discovered, its difficult and expensive. But if you own all the code, this takes no effort, because its completely unnecessary.
Any argument that assumes as a fact that closed source in a for-fee product is wrong is ridiculous.
Any Open Source license that allows code to be used in a Close Source product provides a freedom to the maker of that product. That freedom is a good thing.
If the provider of a product chooses to make the code for their product available to others, that is also a good thing.
It does not follow that providing a product that does not provide access to the source code is a bad thing. There is nothing wrong with it. The potential users are free to use or not use the software based on that attribute just as they are free to choose software based on a number of other factors.
There is no difference, ethically, between a company writing it’s own software and keeping the source closed than there is in using an Open Source license and keeping it closed. Insisting it is, without citing compelling reasons, is a ridiculous argument that remains ridiculous.
Free Software ( a la GPL ) is a different beast in terms of obligations. Again, it is up to the original author how they want to interact with the world.
For most things, I prefer Open Source to Free Software.
I think you’re misunderstanding the terms and are actually trying to draw a distinction between “permissive” and “copyleft” licenses.
(Permissive being BSD-like and copyleft being GPL-like)
If you actually look at their defining documents, there’s not really much concrete difference between “Free Software” and “Open Source” aside from how one might try to language-lawyer their definitions.
The Free Software Definition doesn’t require copyleft (in fact, they explicitly say that they consider non-copylefted free software to be ethical too.), nor do the Open Source Definition or the Debian Free Software Guidelines. (the DFSG being the third big document people turn to.)
All explicitly allow permissive licensing and the most noteworthy characteristics are:
1. The Free Software Definition uses the fewest bullet points, thanks to its “four freedoms” formulation.
2. The Open Souce Definition put the most effort into being apolitical, at the cost of more bullet points and a little more wiggle room to lawyer the letter of the definition for lack of as srong an underlying philosophy.
3. The Debian Free Software Guidelines communicate roughly the same thing as the Free Software Definition, but aim to be more explicit about things that the Free Software Definition trusted legal precedent on.
(And they paired it with a bunch of thought experiments to help answer questions about whether something is compliant. See “Q: How can I tell if a license is a free software license, by Debian’s standards?” in the DFSG FAQ.)
Compare for yourself:
https://www.gnu.org/philosophy/free-sw.html.en
https://opensource.org/docs/osd
https://www.debian.org/social_contract#guidelines
https://people.debian.org/~bap/dfsg-faq.html
Edited 2017-11-09 02:29 UTC
That is because it isn’t a legitimate argument… its a cop out.
OK for MIT/BSD, but BERKLEY (like chosen by Minix) is good too. I personally favor the ZLIB. And it’s normal people investing money into a technology wants to keep a little lead.
GPL are only defending their conception of freedom to benefit from proprietary work. Where are the GPL cpus, the GPL gpus, the GPL gsms and so on ? Software is one thing, hardware is another.
You do realize that the “B” in BSD stands for Berkley, right? Minix 3 uses the BSD license.
Too many licenses to choose from, what a freedom dilemma : https://spdx.org/licenses/
Sorry for the confusion. Been confused.
From https://en.wikipedia.org/wiki/Software_license and the “Rights in copyright” graph, in which color would you paint the GPL ? Plain forest green ?
Actually, it’s “Berkeley”
There are always Opencores… IIRC, ESA uses one family of them in their spaceships.
How do they perform face to, let’s say, Ryzen ?
Hm, quite poorly I imagine, in raw performance …but that’s not why people choose them, I guess (more for, say, ease of integration into FPGA; or in the case of ESA, manufacturing chips with radiation resistance)
So, no opencore available to fit that “power user niche” ? Regarding how computer now struggles with quad cores running at 3 GHz, who would play with a 32 bits single core at less than 2 GHz because it is “open” ?
Kochise,
Well, sometimes it’s worth sacrificing other parameters for openness, but it can also be a bridge too far. Sometimes you can’t find what want/need in an open form anywhere. I’m genuinely interested if anyone can recommend an open remote KVM solution.
For me, having a low budget makes things even harder, I source alot of secondhand equipment to save on costs. This is fine for the mainstream stuff, however it makes niche products that much more expensive and unavailable to me
It struggles? I think it’s ridiculously overpowered…
They wouldn’t be proprietary if they were licensed under GPL… In most cases, however, the reason seems to be general hostility towards openness and fair play. It is hard to imagine e.g. generic printer drivers would expose any kind of trade secrets.
Your use of the word “infect” makes it clear that you’ve bought into Microsoft’s old “viral license” smear campaign.
It makes more sense to say that the GPL is a “hereditary license”. Projects “inherit” the license from their ancestors and dependencies they choose. It doesn’t magically go out and “infect” unsuspecting passers-by.
If you don’t want to GPL your project, don’t use GPLed code …and don’t whine because you think you’re entitled to use my code without “living up to the terms of the contract” I offer. It would have been at least as easy for me to go the All Rights Reserved route.
Edited 2017-11-07 16:02 UTC
Yeah, it’s fascinating how that talking point (the infection) has gotten such high mileage. Especially since the license refers to code, there’s nothing in the GPL forbidding you to make your own code and release it under your own license, it’s just that you have to provide the GPLd code you got elsewhere.
The GPL only requires you to distribute your code along with the binaries. Doesn’t have to be published. But I admit this is a strawman-ish argumen.
“I believe if you want true software freedom, the MIT/BSD licenses are the way to go.”
Now this is where the real discussion begins:
From a purely code perspective, I agree with you. “Here is the code, do as you wish with it” is about the most liberal you can get. Yet it also implies that this code is subject to modifications which will never see the light of day (outside of the author’s company) in source form.
What about the end user’s freedom to use the product as they wish? Take the IME. Google, Purism (the first companies that come to mind) and many other individuals spend many hours on figuring out
a) what the IME actually does.
b) How it does what it does
c) How to strip parts that I don’t need/find dangerous.
I personally want my light switches + bulbs to turn on when I deem it necessary, not when the vendor thinks it is best for me. Sorry for the non-car analogy…
Not even that.
GPL requires that You make source code available with possible payment covering costs of making them available to USER of your software.
So GPL internal tools can stay inhouse.
And why AGPL was introduced for websites.
Freedom implies no restrictions beyond those required to uphold others’ rights. Being free doesn’t mean you’re free to restrict other peoples’ freedom.
Serafean,
This is very insightful. While beneficial to Intel, it can be less friendly towards end users who have fewer rights than if it had been something like GPL.
In this case though Intel was probably window shopping for a license that gave it all the rights. If MINIX were GPL, they’d have chosen something else.
>>I can still barely believe this whole story.
Really? You can ‘barely’ believe that Intel found a free/open technology that solved a problem they were facing and they used it? What about that is pushing your belief to the edge?
Can’t believe he’s trying to take credit for Intel’s work.
You have to give Andrew his day in the sun. He’s been waiting so long for Minix to amount to anything. Sadly, it still won’t. Thanks to the ‘license’ he so trumpets the chances of any drivers or changes being committed to make Minix usable elsewhere just isn’t going to happen.
Suddenly, he won! But it is unimportant, and not a very honourable use. And the license makes sure the deployers benefit and the users don’t…
The license still remains open enough for any moaner out there to improve the damn thing. How many forks and minix based distros out there ? Obviously it’s not Andrew’s fault if nobody cares but Intel.
With this kind of license there is zero guarantee that you can get to the code. Of course things have been modified and adapted.
pepa,
Yes, but this may be the lessor of two problems. Even if Intel provided the code, we still wouldn’t be able to bypass the hardware restrictions that prevent us from using binaries built with that source code.
If owners had a way to install their own code for the cpu’s management engine, then there would undoubtedly be enough interest from open source communities to do so independently of intel’s code. In addition to minux, it’s extremely likely someone would do a linux port and I’m sure there would be a great deal of interest from the formally verified kernel camp like sel4. 3rd party solutions (ie dd-wrt) are often even better in terms of security, features, and support than the original, provided that we’re not locked out.
Of course, we are all very much screwed with our modern x86 hardware, regardless of the license.
I think if it would have been the GPL-3 though, Intel would have needed to provide a way to install user-modified versions, in order to provide the software freedoms that license seeks to enforce.
pepa,
Yes a goal of GPL3 was to combat this tivoization, but it really seemed too late to have much impact. We can’t even get linux under it. Had GPL2 been GPL3 from the get-go, things might have been different, but unfortunately we didn’t have the foresight to mitigate the kinds of restrictions that corporations are imposing to lock out owners. Back then it wasn’t conceivable that manufacturers would work against owner control like they do today. The business models have done a complete 180, it used to be about delivering the power to users, and now it’s largely about platforms that control what we do.
Perhaps saying how you have a problem because of the license, it’s not the best way to illustrate how great you think the license is…
Not even the name is branded ..
Search on Amazon for Minix and see how many companies go by this name selling NUC’s and IoT stuff.
One? Have you found anything more than http://minix.com.hk?
Whatever You Do On The Open. Available to Be Drained Down to Profit, sometimes to Exploit. AndrewT mistake. AndrewT TEARS. Sorry About That.
That Goes Also For SQLite.
Edited 2017-11-07 19:18 UTC
Welcome to the real world.. 🙂
There is a definitely more interesting part of this story:
https://tech.slashdot.org/story/17/11/07/1041236/minix-intels-hidden…
I really hope it’s off by default
Edited 2017-11-08 13:37 UTC
greblus,
Actually no, not only is that not the default, but it cannot be disabled without a good deal of hacking and reverse engineering.
http://www.osnews.com/story/30062/Replacing_exploit-ridden_firmware…
In that case, the functionality that become publicly exploitable could be disabled (it’s not even present on all systems to begin with). However AMT as a whole is still running intel’s proprietary code and ordinary users cannot disable it.
Not mistakes. But FEATURES. All depend On Who are you talking to.
Hardware -as open community understand it- is known, or will be eventually known. Community at large, will eventually GRAB control of it.
Not wished, business side. Thats how IBM lost control of BIOS. And Clones came to exist.
As student many decades ago, learned that “popular control of technologies” turns SCARCITY, impossible to manage.
Lots of small companies where able to make IBM lookalikes.
Scarcity -along with other forms of sovereign privilege-ization (privatization) are foundational of oligopolies.
dionicio,
You never fail to deliver something thought provoking
Whatever this privatized Minix is. Should be a mini-Minix. Security Wise, the smaller attack surface, the easier to defend. AndrewT claim probably over the board.
If Intel had walked a similar path to AMDs -on the smallest RISC arch- shouldn’t be at this problem now.
(They even have some ARCHIVED portfolio on the area).
Could some pride got into this -on taking 86 arch- and the (natural) complementary Minix soft tech?
Most probably, the issue was decided back then around not having the HUMAN expertize anymore.(Ha ha sorry AI, you still need at least SOME of us).
Sad to see where today’s efforts are going at IT.
But, Is it your Cerberus? Is it Intel’s?
Asus also need a GRAB at its sovereign over the mobo. Not to Say about Fox and Netflix.
The Whole issue is an “Inception” madness :/
So Tannenbaum’s minix has no usb, but Intel’s one does and thanks to BSD it will never be commited to main Minix distro.
Thanks to the license, Minix has no chance to make it as a usable system for our PCs.
So while GPL is to my eyes political and ethical right, BSD one is political but not ethical right (and who said that ethical should be taken into consideration by judges)
BSD license looks more and more like our corrupted politicians. Dual language, violence, secrets and oppression